Computer underground Digest Sun May 2 1993 Volume 5 : Issue 32 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cyop Editor: Etaoin Shrdlu, Senior CONTENTS, #5.32 (May 2 1993) File 1--If you missed the Galactic Hacker Party of 1989.... File 2--SPA Needs A Different Direction File 3--Some thoughts on Clipper and the Constitution (1) File 4--Some thoughts on Clipper and the Constitution (2) File 5--Clinton Administration Freedom of Information Policy File 6--Hacker Accused of Rigging Radio Contests File 7--"Hacker" Executed in China File 8--Electronic Privacy Conf w/Oliver North & Chris Goggans Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) 203-832-8441 NUP:Conspiracy CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in Luxembourg BBS (++352) 466893; ANONYMOUS FTP SITES: UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) Back issues also may be obtained through mailserver at: server@blackwlf.mese.com COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Wed, 28 Apr 1993 04:12:57 -0700 From: Emmanuel Goldstein Subject: File 1--If you missed the Galactic Hacker Party of 1989.... Hack-Tic presents: ------------------------------------------------------------------- H A C K I N G A T T H E E N D O F T H E U N I V E R S E ------------------------------------------------------------------- An 'in-tents' summer congress H U H? +------- Remember the Galactic Hacker Party back in 1989? Ever wondered what happened to the people behind it? We sold out to big business, you think. Think again, we're back! That's right. On august 4th, 5th and 6th 1993, we're organising a three-day summer congress for hackers, phone phreaks, programmers, computer haters, data travellers, electro-wizards, networkers, hardware freaks, techno-anarchists, communications junkies, cyberpunks, system managers, stupid users, paranoid androids, Unix gurus, whizz kids, warez dudes, law enforcement officers (appropriate undercover dress required), guerilla heating engineers and other assorted bald, long-haired and/or unshaven scum. And all this in the middle of nowhere (well, the middle of Holland, actually, but that's the same thing) at the Larserbos campground four metres below sea level. The three days will be filled with lectures, discussions and workshops on hacking, phreaking, people's networks, Unix security risks, virtual reality, semafun, social engineering, magstrips, lockpicking, viruses, paranoia, legal sanctions against hacking in Holland and elsewhere and much, much more. English will be the lingua franca for this event, although some workshops may take place in Dutch. There will be an Internet connection, an intertent ethernet and social interaction (both electronic and live). Included in the price are four nights in your own tent. Also included are inspiration, transpiration, a shortage of showers (but a lake to swim in), good weather (guaranteed by god), campfires and plenty of wide open space and fresh air. All of this for only 100 dutch guilders (currently around US$70). We will also arrange for the availability of food, drink and smokes of assorted types, but this is not included in the price. Our bar will be open 24 hours a day, as well as a guarded depository for valuables (like laptops, cameras etc.). You may even get your stuff back! For people with no tent or air mattress: you can buy a tent through us for 100 guilders, a mattress costs 10 guilders. You can arrive from 17:00 (that's five p.m. for analogue types) on August 3rd. We don't have to vacate the premises until 12:00 noon on Saturday, August 7 so you can even try to sleep through the devastating Party at the End of Time (PET) on the closing night (live music provided). We will arrange for shuttle buses to and from train stations in the vicinity. H O W ? +------- Payment: In advance only. Even poor techno-freaks like us would like to get to the Bahamas at least once, and if enough cash comes in we may just decide to go. So pay today, or tomorrow, or yesterday, or in any case before Friday, June 25th 1993. Since the banks still haven't figured out why the Any key doesn't work for private international money transfers, you should call, fax or e-mail us for the best way to launder your currency into our account. We accept American Express, even if they do not accept us. But we are more understanding than they are. Foreign cheques go directly into the toilet paper recycling bin for the summer camp, which is about all they're good for here. H A ! +----- Very Important: Bring many guitars and laptops. M E ? +----- Yes, you! Busloads of alternative techno-freaks from all over the planet will descend on this event. You wouldn't want to miss that, now, would you? Maybe you are part of that select group that has something special to offer! Participating in 'Hacking at the End of the Universe' is exciting, but organising your very own part of it is even more fun. We already have a load of interesting workshops and lectures scheduled, but we're always on the lookout for more. We're also still in the market for people who want to help us organize this during the congress. In whatever way you wish to participate, call, write, e-mail or fax us soon, and make sure your money gets here on time. Space is limited. S O : +----- > 4th, 5th and 6th of August > Hacking at the End of the Universe (a hacker summer congress) > ANWB groepsterrein Larserbos (Flevopolder, Netherlands) > Cost: fl. 100,- (+/- 70 US$) per person (including 4 nights in your own tent) M O R E I N F O : +------------------- Hack-Tic Postbus 22953 1100 DL Amsterdam The Netherlands tel : +31 20 6001480 fax : +31 20 6900968 E-mail : heu@hacktic.nl V I R U S : +----------- If you know a forum or network that you feel this message belongs on, by all means slip it in. Echo-areas, your favorite bbs, /etc/motd, IRC, WP.BAT, you name it. Spread the worm, uh, word. ------------------------------ Date: 29 Apr 93 21:31:10 EDT From: Gordon Meyer <72307.1502@COMPUSERVE.COM> Subject: File 2--SPA Needs A Different Direction Michael Alexander, Editor in Chief and Associate Publisher of INFOSECURITY NEWS had some interesting comments about the SPA in his May/June editorial. Here are excerpts, for the full remarks refer to page 7. Several years ago I attended the first meeting of the Software Publishers Association, which was being held during the Winter Consumer Electronics Show in Las Vegas... I recall little about that initial meeting other than the fact that it was not particularly well organized. Based on the low turnout, ... I wrote a small article about the meeting and I think I suggested that the software industry had little need for the proposed association. Obviously I was wrong. The SPA has grown to more than 1,000 members in the past eight years and has become a powerful force in the industry. The SPA has also be come known as the "Software Police" as a result of is raids against copyright infringers and software pirates. ... Few people would argue with the fact that all software publishers should be compensated fairly for their products and that copyright laws must be protected on ethical and financial grounds. However, I believe that the SPA's much-publicized raids on businesses whose users are allegedly making unauthorized copies of software do little to advance the cause of information systems security. Any infosecurity practitioner will tell you that fear, intimidation and threats do not make for better security. What works is education, communication and cooperation. The vast majority of infosecurity professionals are aware of the pitfalls of copyright infringement and are working diligently to control the problem within their organizations. The SPA itself confirms that the problem of copyright in the US is declining. Thus it is time for the SPA to put its clout to more productive use. ... One of the first things the SPA should do is to withdraw its current print ads, such as the ones depicting users behind bars. These ads are in poor taste and insulting both to infosecurity professionals and to the people who provide the billions in revenues that the SPA's members receive. ------------------------------ Date: Wed, 28 Apr 93 12:57:01 PDT From: Spartan@CUP.PORTAL.COM Subject: File 3--Some thoughts on Clipper and the Constitution (1) Date--Mon, 26 Apr 93 17:55:36 -0500 From--mnemonic@eff.org (Mike Godwin) Newsgroups--austin.eff Subject--Some thoughts on Clipper and the Constitution Note: These notes were a response to a question during Saturday's Cypherpunks meeting about the possible implications of the Clipper Chip initiative on Fourth Amendment rights. Forward to anyone else who might think these interesting. --Mike Notes on Cryptography, Digital Telephony, and the Bill of Rights By Mike Godwin I. Introduction A. The recent announcement of the federal government's "Clipper Chip" has started me thinking again about what the principled "pure Constitutional" arguments a) opposed to Digital Telephony and b) in favor of the continuing legality of widespread powerful public-key encryption. B. These notes do *not* include many of the complaints that have already been raised about the Clipper Chip initiative, such as: 1. Failure of the Administration to conduct an inquiry before embracing a standard, 2. Refusal to allow public scrutiny of the chosen encryption algorithm(s), which is the normal procedure for testing a cryptographic scheme, and 3. Failure of the administration to address the policy questions raised by the Clipper Chip, such as whether the right balance between privacy and law-enforcement needs has been struck. C. In other words, they do not address complaints about the federal government's *process* in embracing the Clipper Chip system. They do, however, attempt to address some of the substantive legal and Constitutional questions raised by the Clipper Chip and Digital Telephony initiatives. II. Hard Questions from Law Enforcement A. In trying to clarify my own thinking about the possible Constitutional issues raised by the government's efforts to guarantee access to public communications between individuals, I have spoken and argued with a number of individuals who are on the other side of the issues from me, including Dorothy Denning and various respresentatives of the FBI, including Alan McDonald. B. McDonald, like Denning and other proponents both of Digital Telephony and of a standard key-escrow system for cryptography, is fond of asking hard questions: What if FBI had a wiretap authorization order and couldn't implement it, either because it was impossible to extract the right bits from a digital-telephony data stream, or because the communication was encrypted? Doesn't it make sense to have a law that requires the phone companies to be able to comply with a wiretap order? C. Rather than respond to these questions, for now at least let's ask a different question. Suppose the FBI had an authorization order for a secret microphone at a public restaurant. Now suppose it planted the bug, but couldn't make out the conversation it was authorized to "seize" because of background noise at the restaurant. Wouldn't it make sense to have a law requiring everyone to speak more softly in restaurants and not to clatter the dishes so much? D. This response is not entirely facetious. The Department of Justice and the FBI have consistently insisted that they are not seeking new authority under the federal wiretap statutes ("Title III"). The same statute that was drafted to outline the authority for law enforcement to tap telephonic conversations was also drafted to outline law enforcement's authority to capture normal spoken conversations with secret or remote microphones. (The statute was amended in the middle '80s by the Electronic Communications Privacy Act to protect "electronic communications," which includes e-mail, and a new chapter protecting _stored_ electronic communications was also added.) E. Should we understand the law the way Digital Telephony proponents insist we do--as a law designed to mandate that the FBI (for example) be guaranteed access to telephonic communications? Digital Telephony supporters insist that it merely "clarifies" phone company obligations and governmental rights under Title III. If they're right, then I think we have to understand the provisions regarding "oral communications" the same way. Which is to say, it would make perfect sense to have a law requiring that people speak quietly in public places, so as to guarantee that the government can bug an oral conversation if it needs to. F. But of course I don't really take Digital Telephony as an initiative to "clarify" governmental prerogatives. It seems clear to me that Digital Telephony, together with the "Clipper" initiative, prefigure a government strategy to set up an information regime that precludes truly private communications between individuals who are speaking in any way other than face-to-face. This I think is an expansion of government authority by almost any analysis. III. Digital Telephony, Cryptography, and the Fourth Amendment A. In talking with law enforcement representatives such as Gail Thackeray, one occasionally encounters the view that the Fourth Amendment is actually a _grant_ of a Constitutional entitlement to searches and seizures. This interpretation is jolting to those who have studied the history of the Fourth Amendment and who recognize that it was drafted as a limitation on government power, not as a grant of government power. But even if one doesn't know the history of this amendment, one can look at its language and draw certain conclusions. B. The Fourth Amendment reads: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." C. Conspicuously missing from the language of this amendment is any guarantee that the government, with properly obtained warrant in hand, will be _successful_ in finding the right place to be searched or persons or things to be seized. What the Fourth Amendment is about is _obtaining warrants_--similarly, what the wiretap statutes are about is _obtaining authorization_ for wiretaps and other interceptions. Neither the Fourth Amendment nor Title III nor the other protections of the ECPA constitute an law-enforcement _entitlement_ for law enforcement. D. It follows, then, that if digital telephony or widespread encryption were to create new burdens for law enforcement, this would not, as some law-enforcement representatives have argued, constitute an "effective repeal" of Title III. What it would constitute is a change in the environment in which law enforcement, along with the rest of us, has to work. Technology often creates changes in our social environment--some, such as the original innovation of the wiretap, may aid law enforcement, while others, such as powerful public-key cryptography, pose the risk of inhibiting law enforcement. Historically, law enforcement has responded to technological change by adapting. (Indeed, the original wiretaps were an adaptation to the widespread use of the telephone.) Does it make sense for law enforcement suddenly to be able to require that the rest of society adapt to its perceived needs? IV. Cryptography and the First Amendment A. Increasingly, I have come to see two strong links between the the use of cryptography and the First Amendment. The two links are freedom of expression and freedom of association. B. By "freedom of expression" I mean the traditionally understood freedoms of speech and the press, as well as freedom of inquiry, which has also long been understood to be protected by the First Amendment. It is hard to see how saying or publishing something that happens to be encrypted could not be protected under the First Amendment. It would be a very poor freedom of speech indeed that dictated that we could *never* choose the form in which we speak. Even the traditional limitations on freedom of speech have never reached so far. My decision to encrypt a communication should be no more illegal than my decision to speak in code. To take one example, suppose my mother and I agree that the code "777", when sent to me through my pager, means "I want you to call me and tell me how my grandchild is doing." Does the FBI have a right to complain because they don't know what "777" means? Should the FBI require pager services never to allow such codes to be used? The First Amendment, it seems to me, requires that both questions be answered "No." C. "Freedom of association" is a First Amendment right that was first clearly articulated in a Supreme Court case in 1958: NAACP v. Alabama ex rel. Patterson. In that case, the Court held that Alabama could not require the NAACP to disclose a list of its members residing in Alabama. The Court accepted the NAACP's argument that disclosure of its list would lead to reprisals on its members; it held such forced disclosures, by placing an undue burden on NAACP members' exercise of their freedoms of association and expression, effectively negate those freedoms. (It is also important to note here that the Supreme Court in effect recognized that anonymity might be closely associated with First Amendment rights.) D. If a law guaranteeing disclosure of one's name is sufficiently "chilling" of First Amendment rights to be unconstitutional, surely a law requiring that the government be able to read any communications is also "chilling," not only of my right to speak, but also of my decisions on whom to speak to. Knowing that I cannot guarantee the privacy of my communications may mean that I don't conspire to arrange any drug deals or kidnapping-murders (or that I'll be detected if do), but it also may mean that I choose not to use this medium to speak to a loved one, or my lawyer, or to my psychiatrist, or to an outspoken political activist. Given that computer-based communications are likely to become the dominant communications medium in the next century, isn't this chilling effect an awfully high price to pay in order to keep law enforcement from having to devise new solutions to new problems? V. Rereading the Clipper Chip announcements A. It is important to recognize that the Clipper Chip represents, among other things, an effort by the government to pre-empt certain criticisms. The language of announcements makes clear that the government wants us to believe it has recognized all needs and come up with a credible solution to the dilemma many believe is posed by the ubiquity of powerful cryptography. B. Because the government is attempting to appear to take a "moderate" or "balanced" position to the issue, its initiative will tend to pre-empt criticisms of the government's proposal on the grounds of *process* alone. C. But there is more to complain about here than bad process. My rereading of the Clipper Chip announcements will reveal that the government hopes to develop a national policy that includes limitations on some kinds of cryptography. Take the following two statements, for example: D. 'We need the "Clipper Chip" and other approaches that can both provide law-abiding citizens with access to the encryption they need and prevent criminals from using it to hide their illegal activities.' E. 'The Administration is not saying, "since encryption threatens the public safety and effective law enforcement, we will prohibit it outright" (as some countries have effectively done); nor is the U.S. saying that "every American, as a matter of right, is entitled to an unbreakable commercial encryption product." ' F. It is clear that neither Digital Telephony nor the Clipper Chip make any sense without restrictions on other kinds of encryption. Widespread powerful public-key encryption, for example, would render useless any improved wiretappability in the communications infrastructure, and would render superfluous any key-escrow scheme. G. It follows, then, that we should anticipate, consistent with these two initiatives, an eventual effort to prevent or inhibit the use of powerful private encryption schemes in private hands. H. Together with the Digital Telephony and Clipper Chip initiatives, this effort would, in my opinion, constitute an attempt to shift the Constitutional balance of rights and responsibilities against private entities and individuals and in favor of law enforcement. They would, in effect, create _entitlements_ for law enforcement where none existed before. I. As my notes here suggest, these initiatives may be, in their essence, inconsistent with Constitutional guarantees of expression, association, and privacy. ------------------------------ Date: Wed, 28 Apr 93 10:21:16 PDT From: Spartan@CUP.PORTAL.COM Subject: File 4--Some thoughts on Clipper and the Constitution (2) Mike Godwin's recent essay on the Clipper Chip (reprinted above), Digital Telephony and the Constitution raises several interesting points. I'll confine my response to those points relating to the "chilling effect" that encryption may have on the use of emerging communications technology. Firstly, I have to admit my philosophical bias against the crippled-security scheme employed in the Clipper Chip. I do not have any better reason (better than the government's reason) for wanting a snoop-proof communications system; however, I acknowledge that the government believes that it has a good reason for desiring it. As in most civil liberties cases, the issue comes down to a balance of "good" reasons by both parties. How much will the crippled encryption scheme really "chill" our use of emergent communications technology, i.e., threaten our free speech protection to the point that we may opt (if possible) to use other communication media? My understanding is that law enforcement officials will still need to procure a warrant prior to decrypting encoded communication. If this is the case, will not encrypted communication enjoy the same expectation of privacy as standard telephone communications and postal mail? It seems that the warrant is the best device we have to protect us from illegal search and seizure. The threat of a warrant does not seem to have a wide chilling effect on the use of standard telephones and postal mail--yet, the possibility of interception is still ever-present. We have created and authorized government to see to our mutual protection, among other things. This protection involves the execution of duly legislated laws and the prosecution of alleged criminals. In order that government may carry out this charge we have empowered it with the ability to investigate crimes by seizing evidence and arresting suspects. It is in this area that we seek a balance: evidence is often someone's valuable (and private) property and suspects are innocent until proven guilty. Does not the warrant sufficiently address this balance? It protects suspects and property from frivolous seizure. It allows law enforcement officers to investigate cases for which there appears sufficient probable cause and supporting evidence. If the protection that a warrant offers is not sufficient to alleviate our fears of unwarranted search, seizure, and arrest, then perhaps there are bigger problems to deal with other than encryption schemes. I'm nowhere near as qualified as Mike to offer an opinion on this issue, but it seems to me that the "process" is exactly where we should be focusing--the Constitutional issues are fascinating, but distracting. I have to believe that the warrant is an acceptable safeguard to both sides of the balance. Given that, it appears that the balance has been disturbed by an unilateral decision with respect to the Clipper Chip. The plan presented by the Clinton Administration, as far as attempting to balance the concerns of government and the people, seems sound. The fact that the people (and its organized interest groups) were not consulted has attracted undue criticism to a feasible plan that is actually wanting of process. This is a political problem in that a practical solution is available, but cannot be agreed upon because the process leading to that solution did not allow for the necessary consultation and input to insure its acceptability. I'm certain that once bruised egos are attended to and future assurances of consultation are gained, that the solution settled upon will be very much like the one that stands. Rich MacKinnon Department of Government University of Texas-Austin ------------------------------ Date: Fri, 30 Apr 1993 11:23:41 EDT From: Paul Hyland Subject: File 5--Clinton Administration Freedom of Information Policy >Originally From--rich@pencil.cs.missouri.edu (Rich Winkel) /* Written 2:09 am Apr 14, 1993 by nigel.allen@canrem.com in igc:alt.news-media */ /* ---------- "White House Official Outlines Freed" ---------- */ White House Official Outlines Freedom of Information Strategy at 'Information Summit' To: National Desk, Media Writer Contact: Ellen Nelson of The Freedom Forum First Amendment Center, 615-321-9588 NASHVILLE, Tenn., April 13 -- A White House official today outlined a broad open government strategy for the Clinton administration, throwing support behind legislation to apply the Freedom of Information Act to electronic records. "At the Clinton White House, most of the debate over the E-mail system is about how we can interconnect it to public services rather than how we can destroy the records or tear out the hard drives before the subpoenas come to reach us," said John Podesta, assistant to the president and staff secretary. Podesta made his comments in front of 70 participants in the nation's first Freedom of Information Summit, sponsored by The Freedom Forum First Amendment Center at Vanderbilt University. Though the economy dominates the headlines, Podesta said the new administration was quietly working across a broad front to open government. His "predictions for the first year," included: -- Working with Sen. Patrick Leahy (D-Vermont) to win approval this session for a bill allowing access to dozens of electronic databases in the federal government. -- Developing an electronic mail system within the federal government to improve citizen participation in government. -- Making the government's archives available on the nation's "information highway," and appointing a national archivist "who cares more about preserving history than about preserving his job." --Creating a "mood of declassification" with new executive orders from the president outlining what government may keep secret. -- "Reinventing government" under initiatives developed by the fall by Vice President Gore to require more openness on the part of civil servants throughout the bureaucracy. Podesta also pledged lobbying reform and political reform to "get rid of the soft money in campaigns." The Freedom of Information Act may need strengthening in addition to electronic access, he said. Pinched by a dozen years of tight information policy, news organizations have sent President Clinton a freedom of information policy paper calling for wholesale personnel changes in FOIA-related jobs, junking the secrecy classifications of President Reagan's Executive Order 12356, overhauling the Freedom of Information Act and ending military censorship of war reporting. "People working on behalf of the public on more openness in government at all levels are heartened by the prospect of the White House taking the lead in this area," said Paul McMasters, executive director of The Freedom Forum First Amendment Center at Vanderbilt University. The conference, sponsored by The Freedom Forum First Amendment Center at Vanderbilt University, is focusing on issues ranging from the Clinton administration's policies on open government to restrictions on public access to crime, accident and disaster scenes. The conference, open to the public, is at the Stouffer Hotel in downtown Nashville. Speakers on the Clinton FOI Agenda included Richard Schmidt Jr., general counsel to the American Society of Newspaper Editors and partner in the law firm of Cohn & Marks in Washington, D.C.; Theresa Amato, the director of the FOI Clearinghouse in Washington, D.C. and staff counsel for Public Citizens Litigation Group in Washington, D.C.; and Quinlan Shea, former Carter administration official who discussed problems of access to government. Former American hostage Terry Anderson will give the keynote address at the dinner tonight. The Freedom Forum First Amendment Center at Vanderbilt University is an independent operating program of The Freedom Forum. The Center's mission is to foster a better public understanding of and appreciation for First Amendment rights and values, including freedom of religion, free speech and press, the right to petition government and peaceful assembly. The Freedom Forum is a nonpartisan, international organization dedicated to free press, free speech and free spirit for all people. It is supported entirely by an endowment established by Frank E. Gannett in 1935 that has grown to more than $700 million in diversified managed assets. Its headquarters is The Freedom Forum World Center in Arlington, Va. ------------------------------ Date: Fri, 23 Apr 1993 13:25:21 -0700 From: Peter shipley Subject: File 6--Hacker Accused of Rigging Radio Contests (Reprinted from RISKS DIGEST, #14.55) Hacker Accused of Rigging Radio Contests By Don Clark Chronicle staff writer San Francisco Chronicle 22 Apr 1993 A notorious hacker was charged yesterday with using computers to rig promotional contest at three Los Angeles radio stations, in a scheme that allegedly netted two Porsches, $20,000 in cash and at least two trips to Hawaii. Kevin Lee Poulsen, now awaiting trial on earlier federal charges, is accused of conspiring with two other hackers to seize control of incoming phone lines at the radio stations. By making sure that only their calls got through, the conspirators were assured of winning the contests, federal prosecutors said. A new 19-count federal indictment filed in Los Angeles charges that Poulsen also set up his own wire taps and hacked into computers owned by California Department of Motor Vehicles and Pacific Bell. Through the latter, he obtained information about the undercover businesses and wiretaps run by the FBI, the indictment states. Poulsen, 27, is accused of committing the crimes during 17 months on the lam from earlier charges of telecommunications and computers fraud filed in San Jose. He was arrested in April 1991 and is now in the federal Correctional Institution in Dublin. In December, prosecutors added an espionage charge against him for his alleged theft of a classified military document. The indictment announced yesterday adds additional charges of computer and mail fraud, money laundering, interception of wire communications and obstruction of justice. Ronald Mark Austin and Justin Tanner Peterson have pleaded guilty to conspiracy and violating computer crime laws and have agreed to help against Poulsen. Both are Los Angeles residents. Poulsen and Austin have made headlines together before. As teenagers in Los Angeles, the two computer prodigies allegedly broke into a Pentagon-organized computer network that links researchers and defense contractors around the country. Between 1985 and 1988, after taking a job at Menlo Park-based SRI International, Poulsen allegedly burglarized or used phony identification to sneak into several Pacific Bell offices to steal equipment and confidential access codes that helped him change records and monitor calls. After being indicted on these charges in 1989, Poulsen skipped bail and fled to Los Angeles where he was eventually arrested at a suburban grocery store. One of the unanswered mysteries about the case is how he supported himself as a fugitive. The new indictment suggests that radio stations KIIS-FM, KRTH-FM and KPWR-FM unwittingly helped out. Poulsen and his conspirators are accused of hacking into Pacific Bell computers to block out other callers seeking to respond to contests at the stations. The conspirators allegedly used the scheme to let Poulsen and Austin win Porsches from KIIS and let a confederate win $20,000 from KPWR. Poulsen created aliases and phony identification to retrieve and sell one of his Porsches and launder the proceeds of the sale, the indictment states. In February 1989, they arranged for Poulsen's sister to win a trip to Hawaii and $1,000 from KRTH, the indictment states. [Included in RISKS with permission of the author] ------------------------------ Date: 28 Apr 93 22:24:19 EDT From: Anonymous Subject: File 7--"Hacker" Executed in China (Associated Press, April 26)-- A man accused of invading a computer and embezzling some $192,000 has been executed in China. The French Agence France-Press International News Service says Shi Biao, an accountant at the Agricultural Bank of China's Jilin branch, was accused of forging deposit slips from Aug. 1 to Nov. 18, 1991. AFP, reporting from Beijing, quoted the Xinhua news agency as saying the crime was "the first case of bank embezzlement via computer" in China, adding it came to light when Shi and his alleged accomplice, Yu Lixin, tried to wire part of the money to Shenzhen in southern China. --Charles Bowen ------------------------------ Date: Fri, 30 Apr 1993 22:25:12 From: CuD Moderators Subject: File 8--Electronic Privacy Conf w/Oliver North & Chris Goggans Systems Technology Services, Inc., of Newton, N.J., is sponsoring the ELECTRONIC PRIVACY IN THE 90'S conferenceon May 13-14, 1993 in Washington, D.C. Billed as "A management Awareness Program, the stated intent is to "present an array of guest speakers with a diversity of backgrounds." According to the conference brochure: This presentation has been designed to introduce the threat of loss of assets due to the growing changes in electronic technologies. Participants are experienced professionals, each of who offers years of real time experiences within his own realm of expertise. Featured participants include Stansfield Turner, former director of the CIA, Oliver North, described as: ...CEO of Guardian Technologies, which manufactures protective equipment for law enforcement, serves as Prsident of Freedom Alliance, a non-profit foundation dedicated to promoting the principles of liberty, strong defense and traditional morality in national policy. Other featured speakers include Jim Ross of Ross Engineering, Tobey B. Marzouk, an partner at the Washington, D.C. law firm of Marzouk & Perry, and Donald P. Delany, a computer crime investigator with the New York State Police. Chris Goggans is the final featured speaker. ------------------------------ End of Computer Underground Digest #5.32 ************************************